MDKSA-2005:182

Problem description

A vulnerability in libcurl's NTLM function can overflow a stack-based
buffer if given too long a user name or domain name in NTLM
authentication is enabled and either a) pass a user and domain name to
libcurl that together are longer than 192 bytes or b) allow (lib)curl
to follow HTTP redirects and the new URL contains a URL with a user and
domain name that together are longer than 192 bytes.
The updated packages have been patched to address this issue.